CVE-2026-35167: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in kedro-org kedro
Kedro versions prior to 1. 3. 0 contain a path traversal vulnerability in the _get_versioned_path() method, which improperly handles user-supplied version strings. This allows an attacker who can control the version string to cause Kedro to load files outside the intended versioned dataset directory. The issue affects multiple entry points including catalog. load, DataCatalog. from_config, and the CLI. This vulnerability can lead to unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. The vulnerability is fixed in Kedro version 1. 3.
AI Analysis
Technical Summary
Kedro's _get_versioned_path() method in versions before 1.3.0 constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because these version strings are used as path components, traversal sequences such as '../' are preserved, enabling path traversal attacks. This vulnerability is reachable through multiple interfaces including catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI command kedro run --load-versions=dataset:../../../secrets. An attacker able to influence the version string can force Kedro to access files outside the intended directory, potentially exposing sensitive data or enabling data poisoning. The issue is resolved in version 1.3.0.
Potential Impact
Successful exploitation allows an attacker with the ability to influence version strings to read unauthorized files outside the intended dataset directory. This can result in exposure of sensitive information, data poisoning, or unauthorized cross-tenant data access in shared environments. The CVSS score of 7.1 reflects high confidentiality impact with limited integrity impact and no availability impact.
Mitigation Recommendations
This vulnerability is fixed in Kedro version 1.3.0. Users should upgrade to version 1.3.0 or later to remediate this issue. No official patch or temporary fix is indicated beyond upgrading. Until upgraded, avoid passing untrusted input as version strings to the affected methods and CLI options.
CVE-2026-35167: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in kedro-org kedro
Description
Kedro versions prior to 1. 3. 0 contain a path traversal vulnerability in the _get_versioned_path() method, which improperly handles user-supplied version strings. This allows an attacker who can control the version string to cause Kedro to load files outside the intended versioned dataset directory. The issue affects multiple entry points including catalog. load, DataCatalog. from_config, and the CLI. This vulnerability can lead to unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. The vulnerability is fixed in Kedro version 1. 3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Kedro's _get_versioned_path() method in versions before 1.3.0 constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because these version strings are used as path components, traversal sequences such as '../' are preserved, enabling path traversal attacks. This vulnerability is reachable through multiple interfaces including catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI command kedro run --load-versions=dataset:../../../secrets. An attacker able to influence the version string can force Kedro to access files outside the intended directory, potentially exposing sensitive data or enabling data poisoning. The issue is resolved in version 1.3.0.
Potential Impact
Successful exploitation allows an attacker with the ability to influence version strings to read unauthorized files outside the intended dataset directory. This can result in exposure of sensitive information, data poisoning, or unauthorized cross-tenant data access in shared environments. The CVSS score of 7.1 reflects high confidentiality impact with limited integrity impact and no availability impact.
Mitigation Recommendations
This vulnerability is fixed in Kedro version 1.3.0. Users should upgrade to version 1.3.0 or later to remediate this issue. No official patch or temporary fix is indicated beyond upgrading. Until upgraded, avoid passing untrusted input as version strings to the affected methods and CLI options.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-01T17:26:21.133Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3f4be0a160ebd92ce2ef4
Added to database: 4/6/2026, 6:00:30 PM
Last enriched: 4/14/2026, 4:05:49 PM
Last updated: 5/21/2026, 5:19:17 PM
Views: 53
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.